
Less is safer: How Obsidian reduces the risk of supply chain attacks


Supply chain attacks are malicious updates that sneak into open source code used by many apps. Here’s how we design Obsidian to ensure that the app is a secure and private environment for your thoughts.

It may sound obvious, but the primary way we reduce the risk of supply chain attacks is to avoid depending on third-party code. For large libraries like pdf.js, Mermaid, and MathJax, we include known-good, version-locked files and only upgrade occasionally, or when security fixes land. But choosing fewer dependencies, shallow graphs, exact version pins, no postinstall, and a slow, review-heavy upgrade cadence together make Obsidian much less likely to be impacted, and give us a long window to detect problems before code reaches users.
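A check for two of the controls named above (exact version pins and no install-time scripts), as an added example that is not Obsidian's own tooling. It assumes an npm-style `package.json` and a `package-lock.json` with a `packages` map; the page does not name a package manager, and every package name and value in the sample data is constructed.

```javascript
// Added example. All package names and data below are constructed.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/; // one exact version, no range or tag
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
const NM = "node_modules/";

// Flag dependency specs that are not a single exact version, and install hooks.
function auditManifest(manifest) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (!EXACT.test(spec)) findings.push({ kind: "unpinned", name, detail: spec });
    }
  }
  for (const hook of INSTALL_HOOKS) {
    if (manifest.scripts && manifest.scripts[hook]) {
      findings.push({ kind: "install-hook", name: manifest.name, detail: hook });
    }
  }
  return findings;
}

// Walk the lockfile "packages" map for resolved packages (direct or transitive)
// that declare install scripts or carry no integrity hash.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    const name = path.slice(path.lastIndexOf(NM) + NM.length);
    if (entry.hasInstallScript) findings.push({ kind: "install-script", name, detail: entry.version });
    if (!entry.integrity && !entry.link) findings.push({ kind: "no-integrity", name, detail: entry.version });
  }
  return findings;
}

const sampleManifest = { // constructed
  name: "sample-app",
  dependencies: { "left-lib": "1.4.2", "range-lib": "^2.0.0" },
  devDependencies: { "build-tool": "~3.1.0", "tagged-lib": "latest" },
  scripts: { postinstall: "node setup.js" },
};
const sampleLock = { // constructed
  packages: {
    "": { name: "sample-app" },
    "node_modules/left-lib": { version: "1.4.2", integrity: "sha512-CONSTRUCTED" },
    "node_modules/range-lib": { version: "2.3.1", integrity: "sha512-CONSTRUCTED", hasInstallScript: true },
    "node_modules/range-lib/node_modules/deep-lib": { version: "0.9.0" },
  },
};
console.log(auditManifest(sampleManifest).concat(auditLockfile(sampleLock)));
```

Running a check like this in CI on every dependency change makes a loosened pin or a newly introduced install script visible during review rather than after release.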
